Is there a way to have mwg7 immediately block the response if it sees two HTTP 302 redirects in a row? Here's the scenario:

A user is casually browsing the internet.

Without being aware of it they come across a malicious or compromised web site which does a HTTP 302 redirect to another site

That site in question does yet another HTTP 302 redirect to another site

The final site (I've sometimes even seen a third redirect) is the one that delivers the malicious exploit

Although HTTP 302 redirects have their purpose on legit web sites, 2 or more redirects in a row is immediately suspicious to me and warrants either outright blocking or a more aggressive filtering policy to be applied.

I would also add a lot of analytics use redirects. Not google, but some of the other trackers, and while it might be nice from a privacy standpoint, it may also keep a page from loading at all.

That said, the problem you would have in making a ruleset for this is that all redirects entail a new request and a new 'transaction'. We don't keep a state table for separate requests for the same user/client ip address.

I would say that it's probably theoretically possible, but ill advised.

We don't keep a state table for separate requests for the same user/client ip address.

Yeah that's what I wasn't sure of. I couldn't think about how things would be properly tracked through multiple cycles but wasn't sure if there was a technique that handles this. This answers my question.